Configuring Users Accounts for the Instant AP Management Interface
You can configure RADIUSRemote Authentication Dial-In User Service. An Industry-standard network access protocol for remote authentication. It allows authentication, authorization, and accounting of remote users who want to access network resources. or TACACSTerminal Access Controller Access Control System. TACACS is a family of protocols that handles remote authentication and related services for network access control through a centralized server. authentication servers to authenticate and authorize the management users of an Instant AP. The authentication servers determine if the user has access to administrative interface. The privilege level for different types of management users is defined on the RADIUS or TACACS server. The Instant APs map the management users to the corresponding privilege level and provide access to the users based on the attributes returned by the RADIUS or TACACS server.
In Aruba Central, the Instant AP management user passwords are stored and displayed as hash instead of plain text. The command is enabled by default on the Instant APs provisioned in the template and UI groups. If a pre-configured Instant AP joins Aruba Central and is moved to a new group, Aruba Central uses the configuration settings and discards configuration settings, if any, on the Instant AP. In other words, Aruba Central hashes management user passwords irrespective of the management user configuration settings running on an Instant AP.
To configure authentication parameters for local admin, read-only, and guest management administrator account settings, complete the following steps:
1. In the app, set the filter to a group that contains at least one AP.
The dashboard context for the group is displayed.
2. Under , click > .
A list of access points is displayed in the view.
3. Click the icon.
The tabs to configure the access points are displayed.
4. Click , and click the tab.
The System details page is displayed.
5. Click the accordion and configure the following parameters:
|
Type of the User |
Authentication Options |
Steps to Follow |
|---|---|---|
|
|
|
In the drop-down list, select if you want to specify a single set of user credentials. If using an internal authentication server: 1. In and , enter a username and password. 2. In , retype the password to confirm. |
|
|
In the drop-down list, select the RADIUS or TACACS authentication servers. You can also create a new server by selecting from the drop-down list. |
|
|
|
In the drop-down list, select option if you want to use both internal and external servers. When enabled, the authentication switches to Internal if there is no response from the RADIUS server (RADIUS server timeout). To use this option, select the authentication servers and configure the user credentials for internal server based authentication. 1. In and , enter a username and password. 2. In , retype the password to confirm. |
|
|
|
If two servers are configured, the users can use them in the primary or backup mode, or load balancing mode. To enable load balancing, select from the drop-down list. For more information on load balancing, see External RADIUS Server. |
|
|
|
If a TACACS server is selected, enable TACACS accounting to report management commands, if required. |
|
|
|
|
To configure a user account with the read-only privileges: 1. In and , enter a username and password. 2. In , retype the password to confirm. |
|
|
|
To configure a guest user account with the read-only privileges: 1. In and , enter a username and password. 2. In , retype the password to confirm. |
3. Click .
